156-215.75 Online Practice Questions and Answers
A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web Server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server?
A. Automatic ARP must be unchecked in the Global Properties.
B. A static route must be added on the Security Gateway to the internal host.
C. Nothing else must be configured.
D. A static route for the NAT IP must be added to the Gateway's upstream router.
You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows:
"web_public_IP" is the node object that represents the new Web server's public IP address.
"web_private_IP" is the node object that represents the new Web site's private IP address. You enable all
settings from Global Properties > NAT.
When you try to browse the Web server from the Internet, you see the error "page cannot be displayed".
Which statements are possible reasons for this?
i). There is no route defined on the Security Gateway for the public IP address to the Web server's private
IP address.
ii) There is no Security Policy defined that allows HTTP traffic to the protected Web server. iii) There is an
ARP entry on the Gateway but the settings Merge Manual proxy ARP and Automatic ARP configuration
are enabled in Global Properties. The Security Gateway ignores manual ARP entries.
iv) There is no ARP table entry for the protected Web server's public IP address.
A. (i), (ii), (iv)
B. (iii)
C. (i), (ii)
D. (i), (ii), (iii), (iv)
Sally has a Hot Fix Accumulator (HFA) she wants to install on her Security Gateway which operates with SecurePlatform, but she cannot SCP the HFA to the system. She can SSH into the Security Gateway, but she has never been able to SCP files to it. What would be the most likely reason she cannot do so?
A. She needs to run cpconfig to enable the ability to SCP files.
B. She needs to edit /etc/scpusers and add the Standard Mode account.
C. She needs to run sysconfig and restart the SSH process.
D. She needs to edit /etc/SSHd/SSHd_config and add the Standard Mode account.
All Check Point Suite products before version RXX need to be upgraded to RXX before you can upgrade them to R75. RXX is:
A. R55
B. R65
C. R61
D. R60
Which of the following are authentication methods that Security Gateway R75 uses to validate connection attempts? Select the response below that includes the MOST complete list of valid authentication methods.
A. Proxied, User, Dynamic, Session
B. Connection, User, Client
C. User, Client, Session
D. Connection, Proxied, Session
Which of the following is TRUE concerning control connections between the Security Management Server and the Gateway in a VPN Community? Control Connections are:
A. encrypted using SIC and re-encrypted again by the Community regardless of VPN domain configuration.
B. encrypted by the Community.
C. not encrypted, only authenticated.
D. encrypted using SIC.
Which operating system is not supported by SecureClient?
A. MacOS X
B. Windows XP SP2
C. Windows Vista
D. IPSO 3.9
A digital signature:
A. Provides a secure key exchange mechanism over the Internet
B. Automatically exchanges shared keys.
C. Guarantees the authenticity and integrity of a message.
D. Decrypts data to its original form.
What are you required to do before running the command upgrade_export?
A. Run a cpatop on the Security Management Server
B. Run a cpstop on the Security Gateway
C. Close all GUI clients
D. Run cpconfig and set yourself up as a GUI client
The customer has a small Check Point installation which includes one Windows 7 workstation as the SmartConsole, one Solaris server working as Security Management Server, and a third server running SecurePlatform as Security Gateway. This is an example of a(n):
A. Unsupported configuration
B. Stand-Alone Installation
C. Hybrid Installation
D. Distributed Installation